This Is the New Leader of Russia’s Infamous Sandworm Hacking Unit


For years, the hacking unit within Russia’s GRU military intelligence agency known as Sandworm has carried out some of the worst cyberattacks in history—blackouts, fake ransomware, data-destroying worms—from behind a carefully maintained veil of anonymity. But after half a decade of the spy agency’s botched operations, blown cover stories, and international indictments, perhaps it’s no surprise that pulling the mask off the man leading that highly destructive hacking group today reveals a familiar face.

The passport Evgenii Serebriakov used to enter the Netherlands in 2018.

Photograph: Department of Justice

The commander of Sandworm, the notorious division of the agency’s hacking forces responsible for many of the GRU’s most aggressive campaigns of cyberwar and sabotage, is now an official named Evgenii Serebriakov, according to sources from a Western intelligence service who spoke to WIRED on the condition of anonymity. If that name rings a bell, it may be because Serebriakov was indicted, along with six other GRU agents, after being caught in the midst of a close-range cyberespionage operation in the Netherlands in 2018 that targeted the Organization for the Prohibition of Chemical Weapons in the Hague.

In that foiled operation, Dutch law enforcement didn’t just identify and arrest Serebriakov and his team, who were part of a different GRU unit generally known as Fancy Bear or APT28. They also seized Serebriakov’s backpack full of technical equipment, as well as his laptop and other hacking devices in his team’s rental car. As a result, Dutch and US investigators were able to piece together Serebriakov’s travels and past operations stretching back years and, given his newer role, now know in unusual detail the career history of a rising GRU official.

According to the intelligence service sources, Serebriakov was placed in charge of Sandworm in the spring of 2022 after serving as deputy commander of APT28, and now holds the rank of colonel. Christo Grozev, the lead Russia-focused investigator for open source intelligence outlet Bellingcat, has also noted Serebriakov’s rise: Around 2020, Grozev says, Serebriakov began receiving phone calls from GRU generals who, in the agency’s strict hierarchy, only speak to higher-level officials. Grozev, who says he bought the phone data from a Russian black market source, says he also saw the GRU agent’s number appear in the phone records of another powerful military unit focused on counterintelligence. “I realized he must be in a command position,” says Grozev. “He can’t just be a regular hacker anymore.”

The fact that Serebriakov appears to have attained that position despite having been previously identified and indicted in the failed Netherlands operation suggests that he must have significant value to the GRU—that he’s “apparently too good to dump,” Grozev adds.

Serebriakov’s new position leading Sandworm—officially GRU Unit 74455 but also known by the nicknames Voodoo Bear and Iridium—puts him in charge of a group of hackers who are perhaps the world’s most prolific practitioners of cyberwar. (They’ve also dabbled in espionage and disinformation campaigns.) Since 2015, Sandworm has led the Russian government’s unprecedented campaign of cyberattacks on Ukraine: It penetrated electric utilities in western Ukraine and Kyiv to cause the first- and second-ever blackouts triggered by hackers and targeted Ukrainian government agencies, banks, and media with countless data-destructive malware operations. In 2017, Sandworm released NotPetya, a piece of self-replicating code that spread to networks worldwide and inflicted a record $10 billion in damage. Sandworm then went on to sabotage the 2018 Winter Olympics in Korea and attack TV broadcasters in the nation of Georgia in 2019, a shocking record of reckless hacking.

#Leader #Russias #Infamous #Sandworm #Hacking #Unit


Related Posts

Marvel’s Blade Movie Delayed by Writer’s Strike

[ad_1] Marvel’s vampire hunter Blade is a fierce warrior but he may have finally met his match: labor unions. The upcoming, long-in-development reboot of the Marvel franchise…

How to Watch the Coronation of King Charles III Live

[ad_1] King Charles III officially shed his princedom when Queen Elizabeth II died, and the British royal’s new position will be formalized on May 6 in a coronation…

‘Quordle’ today: See each ‘Quordle’ answer and hints for May 6

[ad_1] If Quordle is a little too challenging today, you’ve come to the right place for hints. There aren’t just hints here, but the whole Quordle solution….

How to use a passkey instead of a password to sign into your Google account

[ad_1] Passwords have always been a necessary evil, giving you the choice of either using one that is too simple (so you can easily remember it) or…

Amazon quietly acquired audio content discovery engine Snackable AI to boost its podcast projects

[ad_1] Amazon quietly acquired New York-based audio content discovery engine Snackable AI last December to boost its podcast features, as first reported by New York Post. The…

Warhammer 40K’s New Tyranid Screamer-Killer Is a Great Update

[ad_1] A new edition of Warhammer 40K means new models—and for some of the 40-year-old wargaming franchise’s creatures and characters, that means updates they’ve not had in…

Leave a Reply

Your email address will not be published. Required fields are marked *